Logstash configuration installation

Read

yum:

 <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" elasticsearch]# cd /etc/yum.repos.d/"> elasticsearch]# cd /etc/yum.repos.d/</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" yum.repos.d]# rpm --import "> yum.repos.d]# rpm --import </trans> <trans data-src="https://packages.elastic.co/GPG-KEY-elasticsearch">https://packages.elastic.co/GPG-KEY-elasticsearch</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" yum.repos.d]# vim logstash.repo"> yum.repos.d]# vim logstash.repo</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" yum.repos.d]# cat logstash.repo "> yum.repos.d]# cat logstash.repo </trans> <trans data-src="[logstash-2.4]">[logstash-2.4]</trans> <trans data-src="name=Logstash repository for 2.4.x packages">name=Logstash repository for 2.4.x packages</trans> <trans data-src="baseurl=">baseurl=</trans> <trans data-src="https://packages.elastic.co/logstash/2.4/centos">https://packages.elastic.co/logstash/2.4/centos</trans> <trans data-src="gpgcheck=1">gpgcheck=1</trans> <trans data-src="gpgkey=">gpgkey=</trans> <trans data-src="https://packages.elastic.co/GPG-KEY-elasticsearch">https://packages.elastic.co/GPG-KEY-elasticsearch</trans> <trans data-src="enabled=1">enabled=1</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" yum.repos.d]# yum install logstash"> yum.repos.d]# yum install logstash</trans>

zero

one

two

three

four

five

six

seven

eight

nine

ten

[ root @ ELK - node2 elasticsearch ] # cd /etc/yum.repos.d/

[ root @ ELK - node2 yum . repos . d ] # rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

[ root @ ELK - node2 yum . repos . d ] # vim logstash.repo

[ root @ ELK - node2 yum . repos . d ] # cat logstash.repo

[ logstash - two point four ]

name = Logstash repository for 2.4.x packages

baseurl = https : //packages.elastic.co/logstash/2.4/centos

gpgcheck = one

gpgkey = https : //packages.elastic.co/GPG-KEY-elasticsearch

enabled = one

[ root @ ELK - node2 yum . repos . d ] # yum install logstash

compile:

 <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" tools]# wget "> tools]# wget </trans> <trans data-src="https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz">https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" tools]# tar zxf logstash-2.4.0.tar.gz "> tools]# tar zxf logstash-2.4.0.tar.gz </trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" tools]# mv logstash-2.4.0 /byrd/service/"> tools]# mv logstash-2.4.0 /byrd/service/</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" tools]# ln -s /byrd/service/logstash-2.4.0 /usr/local/logstash"> tools]# ln -s /byrd/service/logstash-2.4.0 /usr/local/logstash</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'"> ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'</trans> <trans data-src="heabc">heabc</trans> <trans data-src="Settings: Default pipeline workers: 4">Settings: Default pipeline workers: 4</trans> <trans data-src="Pipeline main started">Pipeline main started</trans> <trans data-src="2016-09-25T07:51:48.961Z ELK-node1.log.t4x.org heabc">2016-09-25T07:51:48.961Z ELK-node1.log.t4x.org heabc</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'"> ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'</trans> <trans data-src="hello,world">hello,world</trans> <trans data-src="Settings: Default pipeline workers: 4">Settings: Default pipeline workers: 4</trans> <trans data-src="Pipeline main started">Pipeline main started</trans> <trans data-src="{">{</trans> <trans data-src=""message" => "hello,world",">"message" => "hello,world",</trans> <trans data-src=""@version" => "1",">"@version" => "1",</trans> <trans data-src=""@timestamp" => "2016-09-25T07:49:43.812Z",">"@timestamp" => "2016-09-25T07:49:43.812Z",</trans> <trans data-src=""host" => "ELK-node1.log.t4x.org"">"host" => "ELK-node1.log.t4x.org"</trans> <trans data-src="}">}</trans> <trans data-src="Pipeline main has been shutdown">Pipeline main has been shutdown</trans> <trans data-src="stopping pipeline {:id=>"main"}">stopping pipeline {:id=>"main"}</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" ~]# cat /etc/logstash.conf "> ~]# cat /etc/logstash.conf </trans> <trans data-src="input {">input {</trans> <trans data-src="file {">file {</trans> <trans data-src="path => "/var/log/messages"">path => "/var/log/messages"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="output {">output {</trans> <trans data-src="elasticsearch {">elasticsearch {</trans> <trans data-src="hosts => [ "1.1.1.117:9200" ]">hosts => [ "1.1.1.117:9200" ]</trans> <trans data-src="index => "messages-%{+YYYY.MM.dd}"">index => "messages-%{+YYYY.MM.dd}"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" ~]# cat /etc/logstash.conf "> ~]# cat /etc/logstash.conf </trans> <trans data-src="input {">input {</trans> <trans data-src="file {">file {</trans> <trans data-src="path => "/var/log/messages"">path => "/var/log/messages"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="output {">output {</trans> <trans data-src="redis {">redis {</trans> <trans data-src="data_type => "list"">data_type => "list"</trans> <trans data-src="key => "system-messages"">key => "system-messages"</trans> <trans data-src="host => "1.1.1.120"">host => "1.1.1.120"</trans> <trans data-src="password => "abc123"">password => "abc123"</trans> <trans data-src="port => "6379"">port => "6379"</trans> <trans data-src="db => "1"">db => "1"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" init.d]# cat /etc/logstash.conf    "> init.d]# cat /etc/logstash.conf    </trans> <trans data-src="input {">input {</trans> <trans data-src="redis {">redis {</trans> <trans data-src="data_type => "list"">data_type => "list"</trans> <trans data-src="key => "system-messages"">key => "system-messages"</trans> <trans data-src="host => "1.1.1.120"">host => "1.1.1.120"</trans> <trans data-src="password => "abc123"">password => "abc123"</trans> <trans data-src="port => "6379"">port => "6379"</trans> <trans data-src="db => "1"">db => "1"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="output {">output {</trans> <trans data-src="elasticsearch {">elasticsearch {</trans> <trans data-src="hosts => [ "1.1.1.117:9200" ]">hosts => [ "1.1.1.117:9200" ]</trans> <trans data-src="index => "sys-messages-%{+YYYY.MM.dd}"">index => "sys-messages-%{+YYYY.MM.dd}"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node1">root@ELK-node1</trans> <trans data-src=" tools]# cat /etc/logstash.conf"> tools]# cat /etc/logstash.conf</trans> <trans data-src="input {">input {</trans> <trans data-src="file {">file {</trans> <trans data-src="path => "/var/log/nginx/access.log"">path => "/var/log/nginx/access.log"</trans> <trans data-src="codec => "json"">codec => "json"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="output {">output {</trans> <trans data-src="redis {">redis {</trans> <trans data-src="data_type => "list"">data_type => "list"</trans> <trans data-src="key => "nginx-access-log"">key => "nginx-access-log"</trans> <trans data-src="host => "1.1.1.120"">host => "1.1.1.120"</trans> <trans data-src="password => "abc123"">password => "abc123"</trans> <trans data-src="port => "6379"">port => "6379"</trans> <trans data-src="db => "2"">db => "2"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="[">[</trans> <trans data-src="root@ELK-node2">root@ELK-node2</trans> <trans data-src=" ~]# cat /etc/logstash.conf "> ~]# cat /etc/logstash.conf </trans> <trans data-src="input {">input {</trans> <trans data-src="redis {">redis {</trans> <trans data-src="data_type => "list"">data_type => "list"</trans> <trans data-src="key => "nginx-access-log"">key => "nginx-access-log"</trans> <trans data-src="host => "1.1.1.120"">host => "1.1.1.120"</trans> <trans data-src="password => "abc123"">password => "abc123"</trans> <trans data-src="port => "6379"">port => "6379"</trans> <trans data-src="db => "2"">db => "2"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans> <trans data-src="output {">output {</trans> <trans data-src="elasticsearch {">elasticsearch {</trans> <trans data-src="hosts => [ "1.1.1.117:9200" ]">hosts => [ "1.1.1.117:9200" ]</trans> <trans data-src="index => "nginx-access-log-%{+YYYY.MM.dd}"">index => "nginx-access-log-%{+YYYY.MM.dd}"</trans> <trans data-src="}">}</trans> <trans data-src="}">}</trans>

zero

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

thirteen

fourteen

fifteen

sixteen

seventeen

eighteen

nineteen

twenty

twenty-one

twenty-two

twenty-three

twenty-four

twenty-five

twenty-six

twenty-seven

twenty-eight

twenty-nine

thirty

thirty-one

thirty-two

thirty-three

thirty-four

thirty-five

thirty-six

thirty-seven

thirty-eight

thirty-nine

forty

forty-one

forty-two

forty-three

forty-four

forty-five

forty-six

forty-seven

forty-eight

forty-nine

fifty

fifty-one

fifty-two

fifty-three

fifty-four

fifty-five

fifty-six

fifty-seven

fifty-eight

fifty-nine

sixty

sixty-one

sixty-two

sixty-three

sixty-four

sixty-five

sixty-six

sixty-seven

sixty-eight

sixty-nine

seventy

seventy-one

seventy-two

seventy-three

seventy-four

seventy-five

seventy-six

seventy-seven

seventy-eight

seventy-nine

eighty

eighty-one

eighty-two

eighty-three

eighty-four

eighty-five

eighty-six

eighty-seven

eighty-eight

eighty-nine

ninety

ninety-one

ninety-two

ninety-three

ninety-four

ninety-five

ninety-six

ninety-seven

ninety-eight

ninety-nine

one hundred

one hundred and one

one hundred and two

one hundred and three

one hundred and four

one hundred and five

one hundred and six

one hundred and seven

one hundred and eight

one hundred and nine

one hundred and ten

one hundred and eleven

one hundred and twelve

[ root @ ELK - node1 tools ] # wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz

[ root @ ELK - node1 tools ] # tar zxf logstash-2.4.0.tar.gz

[ root @ ELK - node1 tools ] # mv logstash-2.4.0 /byrd/service/

[ root @ ELK - node1 tools ] # ln -s /byrd/service/logstash-2.4.0 /usr/local/logstash

[ root @ ELK - node1 ~ ] # /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'

heabc

Settings : Default pipeline workers : four

Pipeline main started

two thousand and sixteen - 09 - 25T07 : fifty-one : 48.961Z ELK - node1 . log . t4x . org heabc

[ root @ ELK - node1 ~ ] # /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'

hello , world

Settings : Default pipeline workers : four

Pipeline main started

{

"message" = > "hello,world" ,

"@version" = > "1" ,

"@timestamp" = > "2016-09-25T07:49:43.812Z" ,

"host" = > "ELK-node1.log.t4x.org"

}

Pipeline main has been shutdown

stopping pipeline { : id = > "main" }

[ root @ ELK - node1 ~ ] # cat /etc/logstash.conf

input {

file {

path = > "/var/log/messages"

}

output {

elasticsearch {

hosts = > [ "1.1.1.117:9200" ]

index = > "messages-%{+YYYY.MM.dd}"

}

[ root @ ELK - node1 ~ ] # cat /etc/logstash.conf

input {

file {

path = > "/var/log/messages"

}

output {

redis {

data_type = > "list"

key = > "system-messages"

host = > "1.1.1.120"

password = > "abc123"

port = > "6379"

db = > "1"

}

[ root @ ELK - node2 init . d ] # cat /etc/logstash.conf

input {

redis {

data_type = > "list"

key = > "system-messages"

host = > "1.1.1.120"

password = > "abc123"

port = > "6379"

db = > "1"

}

output {

elasticsearch {

hosts = > [ "1.1.1.117:9200" ]

index = > "sys-messages-%{+YYYY.MM.dd}"

}

[ root @ ELK - node1 tools ] # cat /etc/logstash.conf

input {

file {

path = > "/var/log/nginx/access.log"

codec = > "json"

}

output {

redis {

data_type = > "list"

key = > "nginx-access-log"

host = > "1.1.1.120"

password = > "abc123"

port = > "6379"

db = > "2"

}

[ root @ ELK - node2 ~ ] # cat /etc/logstash.conf

input {

redis {

data_type = > "list"

key = > "nginx-access-log"

host = > "1.1.1.120"

password = > "abc123"

port = > "6379"

db = > "2"

}

output {

elasticsearch {

hosts = > [ "1.1.1.117:9200" ]

index = > "nginx-access-log-%{+YYYY.MM.dd}"

}

 <trans data-src="log_format logstash_json '{ "@timestamp": "$time_iso8601", '">log_format logstash_json '{ "@timestamp": "$time_iso8601", '</trans> <trans data-src="'"remote_addr": "$remote_addr", '">'"remote_addr": "$remote_addr", '</trans> <trans data-src="'"referer": "$http_referer", '">'"referer": "$http_referer", '</trans> <trans data-src="'"request": "$request", '">'"request": "$request", '</trans> <trans data-src="'"status": $status, '">'"status": $status, '</trans> <trans data-src="'"bytes":$body_bytes_sent, '">'"bytes":$body_bytes_sent, '</trans> <trans data-src="'"agent": "$http_user_agent", '">'"agent": "$http_user_agent", '</trans> <trans data-src="'"x_forwarded": "$http_x_forwarded_for", '">'"x_forwarded": "$http_x_forwarded_for", '</trans> <trans data-src="'"upstr_addr": "$upstream_addr",'">'"upstr_addr": "$upstream_addr",'</trans> <trans data-src="'"upstr_host": "$upstream_http_host",'">'"upstr_host": "$upstream_http_host",'</trans> <trans data-src="'"ups_resp_time": "$upstream_response_time" }';">'"ups_resp_time": "$upstream_response_time" }';</trans> <trans data-src="access_log  /var/log/nginx/access.log  logstash_json;">access_log  /var/log/nginx/access.log  logstash_json;</trans>

zero

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

thirteen

log_format logstash_json '{ "@timestamp": "$time_iso8601", '

'"remote_addr": "$remote_addr", '

'"referer": "$http_referer", '

'"request": "$request", '

'"status": $status, '

'"bytes":$body_bytes_sent, '

'"agent": "$http_user_agent", '

'"x_forwarded": "$http_x_forwarded_for", '

'"upstr_addr": "$upstream_addr",'

'"upstr_host": "$upstream_http_host",'

'"ups_resp_time": "$upstream_response_time" }' ;

access_log / var / log / nginx / access . log logstash_json ;

SourceByrd's Weblog- https://note.t4x.org/other/logstash-configure-install/ SourceByrd's Weblog- https://note.t4x.org/other/logstash-configure-install/

Today in History

September

twenty-five

two thousand and fourteen GNU Bash (CVE-2014-6271) vulnerability resolution (secondary revision)

Statement: unless otherwise specified Byrd's Blog The content is original. Reproduction without permission is prohibited! For details, please read Copyright Statement !

Today in History

Comment

Register

Login